We are very delighted that you have shown interest in our enterprise and our website. Data protection is of a particularly high priority for the management of Veith & Glaser GbR. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Veith & Glaser GbR. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process.
The legal standards require comprehensive transparency regarding the processing of personal data. Only if the processing is comprehensible to you as the data subject, you are sufficiently informed about the meaning, purpose and scope of the data processing. Below we therefore inform you in detail about the way your data is handled when using this website and your rights regarding your personal data.
Should you have any further questions regarding data protection, please do not hesitate to contact us by e-mail at firstname.lastname@example.org.
1. Name and Address of the controller
Controller for the purposes of the GDPR (in particular pursuant to Art. 4 (7) GDPR), other data protection laws applicable in member states of the European Union and other provisions related to data protection is:
Veith & Glaser GbR
Managing Director Fabian Glaser
Lenggrieser Str. 15
83646 Bad Tölz
2. Data Protection Officer (DPO)
Veith & Glaser GbR
Lenggrieser Str. 15
83646 Bad Tölz
3. General information on data processing
The use of the websites of Veith & Glaser GbR is generally possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary (e.g. contact form). If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
Please note that links and features on our website may take you to other websites which are not operated by us but by third parties (e.g. YouTube, Bandcamp). Such links are either clearly marked by us or are recognizable by an obvious change in the address line of your web browser. We are not responsible or liable for compliance with the respective data protection regulations and safe handling of your personal data on these websites operated by third parties.
4. Processing during the use of the website
The website of Veith & Glaser GbR collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The following information is recorded and stored until it is automatically deleted:
the browser types and versions used,
the operating system used by the accessing system,
the website from which an accessing system reaches our website (so-called referrers),
the date and time of access to the Internet site,
an Internet protocol address (IP address),
the Internet service provider of the accessing system, and
any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, Veith & Glaser GbR does not draw any conclusions about the data subject. The mentioned data will be processed by us for the following purposes:
deliver the content of our website correctly,
optimize the content of our website as well as its advertisement,
ensure the long-term viability of our information technology systems and website technology, and
provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
The legal basis for data processing is Art. 6 (1) (1) (f) GDPR. Our legitimate interest follows from the aforementioned purposes of data collection. Therefore, Veith & Glaser GbR analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. We do not combine this personal data with other data sources. Disclosure only takes place if it is necessary for the operation of our website, e.g. by storing it with our host provider. A transfer to a third country or to an international organization is not intended.
5. Processing by using individual services via our website
Various services are available on our website, where we collect personal data from you if you decide to use them.
5.1 Contact form / Contact us by e-mail
If you use the contact form on our website or send us an e-mail, we will process the personal data you provide us. This information is transmitted by your browser or e-mail client and processed in our IT systems. The processing of this personal data is necessary to answer your request. In addition, your IP address and the date and time of the contact request will be stored.
The processing of your personal data serves to answer your request and to prevent abuse of the contact form and to guarantee the security of our IT systems. These processing operations are lawful because the reply to your request and the protection of our IT systems represent legitimate interests within the meaning of Art. 6 (1) (1) (f) GDPR. If a contract is concluded after you have contacted us, the processing is also legal pursuant to Art. 6 (1) (1) (b) GDPR.
The personal data will be processed as long as necessary to respond to your request. Should your request lead to a later conclusion of the contract, processing will take place as long as this is necessary to carry out pre-contractual measures or to fulfil the contract. We do not merge your personal data with other data sources. Your personal data will not be disclosed to third parties. A transfer to a third country or to an international organization is not intended. You are not obliged to provide your personal data, but it is not possible to use the contact form or send an e-mail without providing it.
5.2 Applications and the application procedures
We collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to us. If we conclude an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by us, the application documents will be automatically erased six (6) months after notification of the refusal decision, provided that no other legitimate interests of us are opposed to the erasure. These processing operations are lawful because the reply to your application represent legitimate interests within the meaning of Art. 6 (1) (1) (f) GDPR. If a contract is concluded after you have contacted us, the processing is also legal pursuant to Art. 6 (1) (1) (b) GDPR. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG).
6. Data transmission
Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
you have given your explicit consent pursuant to Art. 6 (1) (1) (a) GDPR,
the disclosure pursuant to Art. 6 (1) (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection not disclosing your data,
in the event that a legal obligation exists for the transfer pursuant to Art. 6 (1) (1) (c) GDPR,
this is legally permissible and required by Art. 6 (1) (1) (b) GDPR for the processing of contractual relationships with you, or
this is done to a service provider acting on our behalf and on our exclusive instructions, whom we have carefully selected (Art. 28 (1) GDPR) and with whom we have concluded a corresponding contract for order processing (Art. 28 (3) GDPR), which obliges our contractor, among other things, to implement appropriate safety measures and grants us comprehensive control powers.
Transmission to the service providers referred to in point (e) for the purpose of order processing shall take place in the following areas: technical provision and programming of the website, user communication, provision of software as a service.
Most browsers automatically accept Cookies. However, you can configure your browser so that no Cookies are stored on your computer or a message always appears before a new Cookie is created. The complete deactivation of Cookies can lead to the fact that you cannot use all functions of our website. The following links provide information on this option for the most frequently used browsers:
Microsoft Internet-Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/Cookies-blockieren
8.1 Google Analytics
For the purpose of demand-oriented design and continuous optimization of our website, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized user profiles are created and Cookies are used (see No. 7). The information generated by the Cookie about your use of this website such as
operating system used,
referrer URL (the previously visited page),
host name of the accessing computer (IP address) and
time of the server request
are transferred from your browser to a Google server in the USA and stored on Google servers.
Google Analytics is used for statistical purposes of our website, to evaluate them for the purpose of optimizing our offer for you and to further develop our offer and in particular our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (1) (f) GDPR. Data transmission to the USA is in accordance with EU Commission Decision 2016/1250 (EU-US Data Protection Shield). If your browser does not support Google Analytics or you deactivate this function, no data transfer takes place.
The pseudonymized user profiles are deleted after 14 months. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking). You can prevent the installation of cookies by setting your browser software accordingly (DO-NOT-TRACK).
You can also prevent the collection of data generated by the Cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). For more information about privacy in connection with Google Analytics, please visit the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
8.2 Google Web Fonts
When visiting our website, so-called web fonts are downloaded for the uniform display of fonts. This content is provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). When accessing our website, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address.
Google Web Fonts are used for the purpose of uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (1) (f) GDPR. Data transmission to the USA is in accordance with EU Commission Decision 2016/1250 (EU-US Data Protection Shield). If your browser does not support web fonts or you deactivate this function, no data transfer takes place.
For more information about Google Web Fonts, visit https://developers.google.com/fonts/.
8.3 Google reCAPTCHA
On our website we are using Google reCAPTCHA (“reCAPTCHA”). This content is provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). reCAPTCHA is a free service that protects our website from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart. With the new API, a significant number of our valid human users will pass the reCAPTCHA challenge without having to solve a CAPTCHA.
reCAPTCHA is used to prevent abuse of the contact form and to guarantee the security of our IT systems of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (1) (f) GDPR. Data transmission to the USA is in accordance with EU Commission Decision 2016/1250 (EU-US Data Protection Shield). If your browser does not support Google reCAPTCHA or you deactivate this function, no data transfer takes place.
For more information about Google reCAPTCHA, visit https://developers.google.com/recaptcha/.
9. Integration of social media
On the basis of Art. 6 (1) (1) (f) GDPR we use the social networks YouTube, Twitter, Facebook, Bandcamp, SoundCloud and Spotify in order to make our website better known and to interact with our target groups. Responsibility for the data protection-compliant operation of these services is guaranteed by the respective provider. We integrate these services exclusively via a link so that visitors to our website have the best possible control over their personal data.
These social networks are operated exclusively by third parties, some of whom have their register office outside the E.U. or the EEA – there may therefore be no adequate level of data protection in accordance with the GDPR. The browser plug-ins and links on our website are identified by logos or other references. When you visit our website, which contains such a browser plug-in, a connection is automatically established between your device (browser) and the servers of the respective social network. This forwards the information that you have visited our website to the social network. If you are logged in to the social network via your personal user account or during your visit to our website, your visit to our website will be assigned to your account. By interacting with browser plug-ins or links, e.g. by pressing a “like” button or leaving a comment, this information is transmitted to the respective social network and stored there. The allocation of the data to your account can therefore be prevented on the one hand by logging out of your account (of the respective social network) before visiting our website. On the other hand, you can also completely prevent the loading of the respective plug-ins with an add-on for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
The purpose and scope of data collection through social networks as well as the further processing and use of your data and your rights and setting options for the protection of your privacy can be found in the respective data protection information of the operators:
Provider: Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Provider: Facebook Inc., 1601 Willow Road, Nelo Park, CA 94025, USA
Provider: DMCA Complaints, Bandcamp, 1901 Broadway, Oakland, CA 94612 USA
Provider: SoundCloud Limited, Rheinsberger Str. 76/77 10115 Berlin, Germany
Provider: Spotify AB, Regeringsgatan 19, Stockholm, 111 53, Schweden
10. Rights of affected persons
10.1 Right of access, Art. 15 GDPR
You shall request confirmation, whether Veith & Glaser GbR is processing your personal data. Veith & Glaser GbR shall require proof of identity in accordance with its security procedures, before disclosing information. We shall provide you with the following information without undue delay, at the latest within one month:
the purposes of the processing,
the categories of personal data concerned,
the recipients or categories of recipient to whom the personal data have been or will be disclosed,
the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
the right of rectification or erasure of personal data or restriction of processing of personal data or to object to such processing,
the right to lodge a complaint with a supervisory authority,
where the personal data are not collected from the data subject, any available information as to their source,
the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you,
where personal data are transferred to a third country or to an international organization: information of the appropriate safeguards relating to the transfer.
At any time, you shall request information under the contact details mentioned (by e-mail or regular mail) free of charge. There are no other costs than the postage or usual transmission costs. We provide you with a copy of all data processed by us in a common electronic format (e.g. PDF, DOC, RTF, etc.). The processing of inquiries can be refused if they are offensive/annoying, endanger the personal rights of others, are extremely impracticable or otherwise if the provision of information is not provided for under the respective legal system. If we refuse to provide you with information, you will be informed of the reasons for this refusal.
10.2 Right to rectification, Art. 16 GDPR
You shall have the right to obtain without undue delay the rectification of inaccurate personal data. Furthermore, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (by e-mail or regular mail).
If you contest the accuracy of the personal data, we are obliged to restrict the processing of the respective data (“restriction”). The restriction continues until we have determined whether the respective data is correct or incorrect.
10.3 Right to restriction of processing, Art. 18 GDPR
You shall have the right to obtain restriction of processing where one of the following applies:
the accuracy of the personal data is contested (see sec. 10 (b)),
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,
Veith & Glaser GbR no longer needs the personal data for the purposes of the processing, but they are required for the establishment, exercise or defense of legal claims,
you objected to processing pursuant to sec. 10 (d) (Article 21(1) GDPR) pending the verification which legitimate grounds override.
For the duration of the restriction, personal data may only be processed with your consent, with the exception of storage. Consent may be refused. For the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, the data can be processed without consent. We will inform you before the restriction of processing is lifted.
10.4 Right to erasure (“right to be forgotten”), Art. 17 GDPR
You shall have the right to obtain the erasure of personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were processed. The same applies, where you withdraw consent, and where there is no other legal ground for the processing. You also can object to the processing. The personal data have to be erased if they have been unlawfully processed or for compliance with a legal obligation in European Union or Member State law.
You shall have a right to access (see sec. 10 (a)). You can request the erasure by e-mail or regular mail from us under the contact details mentioned in sec. 1. There are no further costs than the usual postage or transmission costs.
If Veith & Glaser GbR has published personal data, it will also inform third parties about the request for erasure.
The right to erasure shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, or for reasons of public interest in the area of public health. There is also no obligation to erasure for compliance with a legal obligation which requires processing by Union or Member State law or for the performance of a task carried out in the public interest. Also, there shall be no erasure for the establishment, exercise or defense of legal claims. As well as for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if it is likely to render impossible or seriously impair the achievement of the objectives of that processing.
10.5 Right to data portability, Art. 20 GDPR
You shall have the right to receive the personal data, which you have provided to Veith & Glaser GbR, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, e.g. by a direct download. We shall not interfere with data transmission. You can request data transmission by e-mail or regular mail. There are no further costs than the usual postage or transmission costs. We shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
10.6 Right to object, Art. 21 GDPR
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data. Veith & Glaser GbR shall no longer process the personal data unless there is a real threat of serious harm. Where you object to processing for direct marketing purposes (e-mail advertising), the personal data shall no longer be processed for such purposes. You can object by e-mail or regular mail. There are no further costs than the usual postage or transmission costs. We shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
10.7 Right to lodge a complaint with a supervisory board, Art. 77 GDPR
You shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data infringes the provisions of GDPR. In case of Veith & Glaser GbR:
The Bavarian Commissioner for Data Protection
Phone: +49 89 (0) 212 672-0
11. Routine erasure and blocking of personal data
We process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
12. Profiling / Automatic decision-making
As a responsible company, we do not use profiling or automatic decision-making.
13. Data Security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
As the controller, Veith & Glaser GbR has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
14. Changes of Terms and Conditions
Version: September 2019